The Patch Gap Exposes Your Technology

I received an e-mail this morning from my network drive, a Western Digital MyCloud. While it comes with all sorts of bells and whistles to synchronize to the cloud, or to be accessible over the internet, I’ve limited its availability to internal users. But the e-mail (from the device, not the company) warned me that there was a firmware update, a feature I’d turned on but hadn’t actually benefitted from before.

Time Lapse

If everything I’ve just typed is gobbledygook, you’re not alone. A lot of this stuff is under the hood. I know about Samba only because I have to turn it on when I’m using a Linux machine on my Windows network. You may be using it without realizing it. You may also be using a Windows operating system that, because it auto-updates, has already patched the bug.

It made me think about the gap that can occur between when a bug is announced and a patch is issued. Western Digital took 6 months.

Stay Up to Date

Unfortunately, there’s no good way to stay on top of that time lapse. One of my favorite sites is US-CERT, which has helpful pages like this one – describing how to fix this Apple root problem by yourself, without software – but it’s not always possible to stay on top of new exploits AND whether or not they impact you. Even had I thought to check whether my Western Digital drive had the Samba flaw, I couldn’t have manually fixed it.

Where you can, you should be:

allowing your software to automatically update and add patches, both your operating system and the apps you run on it

thinking about who has physical and virtual access to your devices, and taking steps to make sure you keep them within your control

In some cases, the exploit will never be patched. In that case, you’ll need to physically replace the technology or accept the risk that someone can use the exploit. But you can still be proactive by thinking about who accesses your technology and how.


I improve information access and lead information teams. My books on finding information and managing it and practicing law using cloud computing reflect my interest in information management, technology, law practice, and legal research. I've been a library director in Canada and the US, as well as directing the American Bar Association's Legal Technology Resource Center. I speak and write frequently on information, technology, law library, and law practice issues.
